@strapi/strapi 4.0.0-beta.0

package/lib/middlewares/router/index.js

@@ -0,0 +1,97 @@
+'use strict';
+
+const _ = require('lodash');
+const { toLower } = require('lodash/fp');
+
+const createRouteScopeGenerator = namespace => route => {
+  const prefix = namespace.endsWith('::') ? namespace : `${namespace}.`;
+
+  if (typeof route.handler === 'string') {
+    const [controller, action] = route.handler.split('.');
+
+    _.defaultsDeep(route, {
+      config: {
+        auth: {
+          scope: `${prefix}${controller}.${toLower(action)}`,
+        },
+      },
+    });
+  }
+};
+
+module.exports = strapi => {
+  const registerAdminRoutes = () => {
+    const generateRouteScope = createRouteScopeGenerator(`admin::`);
+
+    strapi.admin.routes.forEach(route => {
+      generateRouteScope(route);
+      route.info = { pluginName: 'admin' };
+    });
+
+    strapi.server.routes({
+      type: 'admin',
+      prefix: '/admin',
+      routes: strapi.admin.routes,
+    });
+  };
+
+  const registerPluginRoutes = () => {
+    for (const pluginName in strapi.plugins) {
+      const plugin = strapi.plugins[pluginName];
+
+      const generateRouteScope = createRouteScopeGenerator(`plugin::${pluginName}`);
+
+      if (Array.isArray(plugin.routes)) {
+        plugin.routes.forEach(route => {
+          generateRouteScope(route);
+          route.info = { pluginName };
+        });
+
+        strapi.server.routes({
+          type: 'admin',
+          prefix: `/${pluginName}`,
+          routes: plugin.routes,
+        });
+      } else {
+        _.forEach(plugin.routes, router => {
+          router.type = router.type || 'admin';
+          router.prefix = `/${pluginName}`;
+          router.routes.forEach(route => {
+            generateRouteScope(route);
+            route.info = { pluginName };
+          });
+
+          strapi.server.routes(router);
+        });
+      }
+    }
+  };
+
+  const registerAPIRoutes = () => {
+    for (const apiName in strapi.api) {
+      const api = strapi.api[apiName];
+
+      const generateRouteScope = createRouteScopeGenerator(`api::${apiName}`);
+
+      _.forEach(api.routes, router => {
+        // TODO: remove once auth setup
+        // pass meta down to compose endpoint
+        router.type = 'content-api';
+        router.routes.forEach(route => {
+          generateRouteScope(route);
+          route.info = { apiName };
+        });
+
+        return strapi.server.routes(router);
+      });
+    }
+  };
+
+  return {
+    initialize() {
+      registerAdminRoutes();
+      registerAPIRoutes();
+      registerPluginRoutes();
+    },
+  };
+};

package/lib/middlewares/session/defaults.json

@@ -0,0 +1,18 @@
+{
+  "session": {
+    "enabled": true,
+    "client": "cookie",
+    "key": "strapi.sid",
+    "prefix": "strapi:sess:",
+    "ttl": 864000000,
+    "rolling": false,
+    "secretKeys": ["mySecretKey1", "mySecretKey2"],
+    "cookie": {
+      "path": "/",
+      "httpOnly": true,
+      "maxAge": 864000000,
+      "rewrite": true,
+      "signed": false
+    }
+  }
+}

package/lib/middlewares/session/index.js

@@ -0,0 +1,140 @@
+'use strict';
+
+const path = require('path');
+const _ = require('lodash');
+const session = require('koa-session');
+
+/**
+ * Session middleware
+ */
+module.exports = strapi => {
+  const requireStore = store => {
+    return require(path.resolve(strapi.config.appPath, 'node_modules', 'koa-' + store));
+  };
+
+  const defineStore = session => {
+    if (_.isEmpty(_.get(session, 'client'))) {
+      return strapi.log.error(
+        '(middleware:session) please provide a valid client to store session'
+      );
+    } else if (_.isEmpty(_.get(session, 'connection'))) {
+      return strapi.log.error(
+        '(middleware:session) please provide connection for the session store'
+      );
+    } else if (!strapi.config.get(`database.connections.${session.connection}`)) {
+      return strapi.log.error(
+        '(middleware:session) please provide a valid connection for the session store'
+      );
+    }
+
+    session.settings = strapi.config.get(`database.connections.${session.connection}`);
+
+    // Define correct store name to avoid require to failed.
+    switch (session.client.toLowerCase()) {
+      case 'redis': {
+        const store = requireStore('redis');
+
+        session.settings.db = session.settings.database;
+
+        return store(session.settings);
+      }
+      case 'mysql': {
+        const Store = requireStore('mysql-session');
+
+        return new Store(session.settings);
+      }
+      case 'mongo': {
+        const Store = requireStore('generic-session-mongo');
+
+        session.settings.db = session.settings.database;
+
+        return new Store(session.settings);
+      }
+      case 'postgresql': {
+        const Store = requireStore('pg-session');
+
+        return new Store(session.settings, session.options);
+      }
+      case 'rethink': {
+        const Store = requireStore('generic-session-rethinkdb');
+
+        session.settings.dbName = session.settings.database;
+        session.settings.tableName = session.settings.table;
+
+        const sessionStore = new Store({
+          connection: session.settings,
+        });
+
+        // Create the DB, tables and indexes to store sessions.
+        sessionStore.setup();
+
+        return sessionStore;
+      }
+      case 'sqlite': {
+        const Store = requireStore('sqlite3-session');
+
+        return new Store(session.fileName, session.options);
+      }
+      case 'sequelize': {
+        const Store = requireStore('generic-session-sequelize');
+
+        // Sequelize needs to be instantiated.
+        if (!_.isObject(strapi.sequelize)) {
+          return null;
+        }
+
+        return new Store(strapi.sequelize, session.options);
+      }
+      default: {
+        return null;
+      }
+    }
+  };
+
+  return {
+    initialize() {
+      strapi.server.app.keys = strapi.config.get('middleware.settings.session.secretKeys');
+
+      if (
+        _.has(strapi.config.middleware.settings.session, 'client') &&
+        _.isString(strapi.config.middleware.settings.session.client) &&
+        strapi.config.middleware.settings.session.client !== 'cookie'
+      ) {
+        const store = defineStore(strapi.config.middleware.settings.session);
+
+        if (!_.isEmpty(store)) {
+          // Options object contains the defined store, the custom middlewares configurations
+          // and also the function which are located to `./config/functions/session.js`
+          const options = _.assign(
+            {
+              store,
+            },
+            strapi.config.middleware.settings.session
+          );
+
+          strapi.server.use(session(options, strapi.server.app));
+          strapi.server.use((ctx, next) => {
+            ctx.state = ctx.state || {};
+            ctx.state.session = ctx.session || {};
+
+            return next();
+          });
+        }
+      } else if (
+        _.has(strapi.config.middleware.settings.session, 'client') &&
+        _.isString(strapi.config.middleware.settings.session.client) &&
+        strapi.config.middleware.settings.session.client === 'cookie'
+      ) {
+        const options = _.assign(strapi.config.middleware.settings.session);
+
+        strapi.server.use(session(options, strapi.server.app));
+        strapi.server.use((ctx, next) => {
+          ctx.state = ctx.state || {};
+          ctx.state.session = ctx.session || {};
+
+          return next();
+        });
+      }
+    },
+  };
+};

package/lib/migrations/draft-publish.js

@@ -0,0 +1,57 @@
+'use strict';
+
+const { hasDraftAndPublish } = require('@strapi/utils').contentTypes;
+
+const enableDraftAndPublish = async ({ oldContentTypes, contentTypes }) => {
+  if (!oldContentTypes) {
+    return;
+  }
+  // run the after content types migrations
+
+  for (const uid in contentTypes) {
+    if (!oldContentTypes[uid]) {
+      continue;
+    }
+
+    const oldContentType = oldContentTypes[uid];
+    const contentType = contentTypes[uid];
+
+    // if d&p was enabled set publishedAt to eq createdAt
+    if (!hasDraftAndPublish(oldContentType) && hasDraftAndPublish(contentType)) {
+      const qb = strapi.db.queryBuilder(uid);
+      await qb
+        .update({ published_at: qb.ref('created_at') })
+        .where({ published_at: null })
+        .execute();
+    }
+  }
+};
+
+const disableDraftAndPublish = async ({ oldContentTypes, contentTypes }) => {
+  if (!oldContentTypes) {
+    return;
+  }
+
+  for (const uid in contentTypes) {
+    if (!oldContentTypes[uid]) {
+      continue;
+    }
+
+    const oldContentType = oldContentTypes[uid];
+    const contentType = contentTypes[uid];
+
+    // if d&p was disabled remove unpublish content before sync
+    if (hasDraftAndPublish(oldContentType) && !hasDraftAndPublish(contentType)) {
+      await strapi.db
+        .queryBuilder(uid)
+        .delete()
+        .where({ published_at: null })
+        .execute();
+    }
+  }
+};
+
+module.exports = {
+  enable: enableDraftAndPublish,
+  disable: disableDraftAndPublish,
+};

package/lib/services/auth/index.js

@@ -0,0 +1,92 @@
+'use strict';
+
+const { strict: assert } = require('assert');
+const { has, prop } = require('lodash/fp');
+
+class UnauthorizedError extends Error {}
+class ForbiddenError extends Error {}
+
+const INVALID_STRATEGY_MSG =
+  'Invalid auth strategy. Expecting an object with properties {name: string, authenticate: function, verify: function}';
+
+const validStrategy = strategy => {
+  assert(has('authenticate', strategy), INVALID_STRATEGY_MSG);
+  assert(typeof strategy.authenticate === 'function', INVALID_STRATEGY_MSG);
+
+  if (has('verify', strategy)) {
+    assert(typeof strategy.verify === 'function', INVALID_STRATEGY_MSG);
+  }
+};
+
+const createAuthentication = () => {
+  const strategies = {};
+
+  return {
+    errors: {
+      UnauthorizedError,
+      ForbiddenError,
+    },
+    register(type, strategy) {
+      validStrategy(strategy);
+
+      if (!strategies[type]) {
+        strategies[type] = [];
+      }
+
+      strategies[type].push(strategy);
+
+      return this;
+    },
+    async authenticate(ctx, next) {
+      const { route } = ctx.state;
+
+      // use route strategy
+      const config = prop('config.auth', route);
+
+      if (config === false) {
+        return next();
+      }
+
+      const strategiesToUse = strategies[route.info.type];
+
+      for (const strategy of strategiesToUse) {
+        const result = await strategy.authenticate(ctx);
+
+        const { authenticated = false, error = null, credentials } = result || {};
+
+        if (error !== null) {
+          return ctx.unauthorized(error);
+        }
+
+        if (authenticated) {
+          ctx.state.isAuthenticated = true;
+          ctx.state.auth = {
+            strategy,
+            credentials,
+          };
+
+          return next();
+        }
+      }
+
+      return ctx.unauthorized('Missing or invalid credentials');
+    },
+    async verify(auth, config = {}) {
+      if (config === false) {
+        return;
+      }
+
+      if (!auth) {
+        throw new UnauthorizedError();
+      }
+
+      if (typeof auth.strategy.verify === 'function') {
+        return auth.strategy.verify(auth, config);
+      }
+
+      return;
+    },
+  };
+};
+
+module.exports = createAuthentication;

package/lib/services/core-store.js

@@ -0,0 +1,145 @@
+'use strict';
+
+const coreStoreModel = {
+  uid: 'strapi::core-store',
+  collectionName: 'strapi_core_store_settings',
+  attributes: {
+    key: {
+      type: 'string',
+    },
+    value: {
+      type: 'text',
+    },
+    type: {
+      type: 'string',
+    },
+    environment: {
+      type: 'string',
+    },
+    tag: {
+      type: 'string',
+    },
+  },
+};
+
+const createCoreStore = ({ db }) => {
+  const mergeParams = (defaultParams, params) => {
+    return {
+      ...defaultParams,
+      ...params,
+    };
+  };
+
+  const store = function(defaultParams = {}) {
+    return {
+      get: params => store.get(mergeParams(defaultParams, params)),
+      set: params => store.set(mergeParams(defaultParams, params)),
+      delete: params => store.delete(mergeParams(defaultParams, params)),
+    };
+  };
+
+  Object.assign(store, {
+    /**
+     * Get value from the core store
+     * @param {Object} params
+     * @returns {*}
+     */
+    async get(params = {}) {
+      const { key, type = 'core', environment, name, tag } = params;
+
+      const prefix = `${type}${name ? `_${name}` : ''}`;
+
+      const where = {
+        key: `${prefix}_${key}`,
+        environment: environment || null,
+        tag: tag || null,
+      };
+
+      const data = await db.query('strapi::core-store').findOne({ where });
+
+      if (!data) {
+        return null;
+      }
+
+      if (
+        data.type === 'object' ||
+        data.type === 'array' ||
+        data.type === 'boolean' ||
+        data.type === 'string'
+      ) {
+        try {
+          return JSON.parse(data.value);
+        } catch (err) {
+          return new Date(data.value);
+        }
+      } else if (data.type === 'number') {
+        return Number(data.value);
+      } else {
+        return null;
+      }
+    },
+
+    /**
+     * Set value in the core store
+     * @param {Object} params
+     * @returns {*}
+     */
+    async set(params = {}) {
+      const { key, value, type, environment, name, tag } = params;
+
+      const prefix = `${type}${name ? `_${name}` : ''}`;
+
+      const where = {
+        key: `${prefix}_${key}`,
+        environment: environment || null,
+        tag: tag || null,
+      };
+
+      const data = await db.query('strapi::core-store').findOne({ where });
+
+      if (data) {
+        return db.query('strapi::core-store').update({
+          where: { id: data.id },
+          data: {
+            value: JSON.stringify(value) || value.toString(),
+            type: typeof value,
+          },
+        });
+      }
+
+      return db.query('strapi::core-store').create({
+        data: {
+          ...where,
+          value: JSON.stringify(value) || value.toString(),
+          type: typeof value,
+        },
+      });
+    },
+
+    /**
+     * Deletes a value from the core store
+     * @param {Object} params
+     * @returns {*}
+     */
+    async delete(params = {}) {
+      const { key, environment, type, name, tag } = params;
+
+      const prefix = `${type}${name ? `_${name}` : ''}`;
+
+      const where = {
+        key: `${prefix}_${key}`,
+        environment: environment || null,
+        tag: tag || null,
+      };
+
+      return db.query('strapi::core-store').delete({ where });
+    },
+  });
+
+  return store;
+};
+
+module.exports = {
+  coreStoreModel,
+  createCoreStore,
+};

package/lib/services/cron.js

@@ -0,0 +1,54 @@
+'use strict';
+
+const { Job } = require('node-schedule');
+const { isFunction } = require('lodash/fp');
+
+const createCronService = () => {
+  let jobsSpecs = [];
+
+  return {
+    add(tasks = {}) {
+      for (const taskExpression in tasks) {
+        const taskValue = tasks[taskExpression];
+
+        let fn;
+        let options;
+        if (isFunction(taskValue)) {
+          fn = taskValue.bind(tasks);
+          options = taskExpression;
+        } else if (isFunction(taskValue.task)) {
+          fn = taskValue.task.bind(taskValue);
+          options = taskValue.options;
+        } else {
+          throw new Error(
+            `Could not schedule a cron job for "${taskExpression}": no function found.`
+          );
+        }
+
+        const fnWithStrapi = (...args) => fn({ strapi }, ...args);
+
+        const job = new Job(null, fnWithStrapi);
+        jobsSpecs.push({ job, options });
+      }
+      return this;
+    },
+    start() {
+      if (!strapi.config.get('server.cron.enabled')) {
+        return;
+      }
+      jobsSpecs.forEach(({ job, options }) => job.schedule(options));
+      return this;
+    },
+    stop() {
+      jobsSpecs.forEach(({ job }) => job.cancel());
+      return this;
+    },
+    destroy() {
+      this.stop();
+      jobsSpecs = [];
+      return this;
+    },
+  };
+};
+
+module.exports = createCronService;